Enable more than one local domain to issue certificates for (#24)

Arjan H
2021-12-03 20:31:55 +01:00
parent af69bd5ff4
commit 503d1e51ef
3 changed files with 20 additions and 12 deletions


@@ -25,11 +25,15 @@ cat hostname-policy.yaml | tr '\n' '\r' | sed -e "s/Lockdown:.*//" | tr '\r' '\n
cat hostname-policy.yaml | tr '\n' '\r' | sed -e "s/Whitelist:.*//" | tr '\r' '\n' > hostname-policy.yaml.bak && mv hostname-policy.yaml.bak hostname-policy.yaml
if [ "$PKI_DOMAIN_MODE" == "lockdown" ] && [ "$PKI_LOCKDOWN_DOMAINS" != "" ]; then
echo "Lockdown:" >> hostname-policy.yaml
echo " - \"$PKI_LOCKDOWN_DOMAINS\"" >> hostname-policy.yaml
for d in $(echo $PKI_LOCKDOWN_DOMAINS | sed -e "s/\\\r\\\n/ /g" | tr '\r' ' '); do
echo " - \"$d\"" >> hostname-policy.yaml
done
fi
if [ "$PKI_DOMAIN_MODE" == "whitelist" ] && [ "$PKI_WHITELIST_DOMAINS" != "" ]; then
echo "Whitelist:" >> hostname-policy.yaml
echo " - \"$PKI_WHITELIST_DOMAINS\"" >> hostname-policy.yaml
for d in $(echo $PKI_WHITELIST_DOMAINS | sed -e "s/\\\r\\\n/ /g" | tr '\r' ' '); do
echo " - \"$d\"" >> hostname-policy.yaml
done
fi
if [ "$PKI_DOMAIN_MODE" == "lockdown" ] || [ "$PKI_DOMAIN_MODE" == "whitelist" ]; then
sed -i -e "s/\(\"n_subject_common_name_included\"\)/\1,\"e_dnsname_not_valid_tld\"/" config/ca-a.json
@@ -37,10 +41,14 @@ if [ "$PKI_DOMAIN_MODE" == "lockdown" ] || [ "$PKI_DOMAIN_MODE" == "whitelist" ]
REPLACEMENT=""
if [ "$PKI_DOMAIN_MODE" == "lockdown" ] && [ "$PKI_LOCKDOWN_DOMAINS" != "" ]; then
REPLACEMENT=" $PKI_LOCKDOWN_DOMAINS: 10000\n"
for d in $(echo $PKI_LOCKDOWN_DOMAINS | sed -e "s/\\\r\\\n/ /g" | tr '\r' ' '); do
REPLACEMENT+=" $d: 10000\n"
done
fi
if [ "$PKI_DOMAIN_MODE" == "whitelist" ] && [ "$PKI_WHITELIST_DOMAINS" != "" ]; then
REPLACEMENT=" $PKI_WHITELIST_DOMAINS: 10000\n"
for d in $(echo $PKI_WHITELIST_DOMAINS | sed -e "s/\\\r\\\n/ /g" | tr '\r' ' '); do
REPLACEMENT=" $d: 10000\n"
done
fi
cat rate-limit-policies.yml | tr '\n' '\r' | sed -e "s/\(must-staple.le.wtf: 10000\).*\( registrationOverrides:\)/\1\n$REPLACEMENT\2/" | tr '\r' '\n' > rate-limit-policies.yml.bak && mv rate-limit-policies.yml.bak rate-limit-policies.yml
cat rate-limit-policies.yml | tr '\n' '\r' | sed -e "s/\(certificatesPerFQDNSet:.*must-staple.le.wtf: 10000\).*/\1\n$REPLACEMENT/" | tr '\r' '\n' > rate-limit-policies.yml.bak && mv rate-limit-policies.yml.bak rate-limit-policies.yml
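Review bot: In the whitelist branch of the second hunk the loop assigns `REPLACEMENT=" $d: 10000\n"` instead of appending, so only the last whitelisted domain ends up with a rate-limit override, while the lockdown branch just above uses `+=`; the line should read `REPLACEMENT+=" $d: 10000\n"`. All four new loops also expand `$PKI_LOCKDOWN_DOMAINS` / `$PKI_WHITELIST_DOMAINS` unquoted inside `$(echo … )`, so a token containing `*` or `?` is glob-expanded against the working directory before it is written to hostname-policy.yaml, and `$d` later reaches the `sed` replacement text unescaped. Because these files decide which names the CA will issue for, I would wrap the loops in `set -f` (or read the list with `while IFS= read -r d`) and skip any token that does not match a hostname pattern. The script itself starts and ends outside the hunks shown.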


@@ -163,13 +163,13 @@
<div class="form-group">
<label>Domain mode:</label><br/>
<span class="error config-error hidden" id="domainmode-error"></span>
<input type="radio" id="lockdown" name="domain_mode" value="lockdown" {{ if eq .DomainMode "lockdown"}}checked{{ end }}/> Lockdown to only this domain:<br/>
<input class="form-control non-fluid" type="text" id="lockdown_domains" name="lockdown_domains" value="{{ .LockdownDomains }}"/>
<input type="radio" id="lockdown" name="domain_mode" value="lockdown" {{ if eq .DomainMode "lockdown"}}checked{{ end }}/> Lockdown to only these domains (one per line):<br/>
<textarea class="form-control non-fluid" rows="3" cols="24" id="lockdown_domains" name="lockdown_domains">{{ .LockdownDomains }}</textarea>
<span class="error config-error hidden" id="lockdowndomains-error"></span>
<br/>
<input type="radio" id="whitelist" name="domain_mode" value="whitelist" {{ if eq .DomainMode "whitelist"}}checked{{ end }}/> Next to all official domains, also allow this domain (whitelist):<br/>
<input class="form-control non-fluid" type="text" id="whitelist_domains" name="whitelist_domains" value="{{ .WhitelistDomains }}"/>
<input type="radio" id="whitelist" name="domain_mode" value="whitelist" {{ if eq .DomainMode "whitelist"}}checked{{ end }}/> Next to all official domains, also allow these domains (whitelist; one per line):<br/>
<textarea class="form-control non-fluid" rows="3" cols="24" id="whitelist_domains" name="whitelist_domains">{{ .WhitelistDomains }}</textarea>
<span class="error config-error hidden" id="whitelistdomains-error"></span>
<br/>
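Review bot: The `lockdown_domains` and `whitelist_domains` fields now submit multi-line text, but none of the three files in this commit is the handler that validates them, so it is not visible here whether each line is checked as a hostname before it is stored. I would confirm that the server splits the value on CR/LF, trims each entry, rejects anything that is not a valid DNS name, and reports the offending entry through the existing `lockdowndomains-error` / `whitelistdomains-error` spans. The same change in the other template (the section using `.Errors.LockdownDomains`) raises the same question.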


@@ -25,14 +25,14 @@
{{ with .Errors.DomainMode }}
<span class="error">{{ . }}</span><br/>
{{ end }}
<input type="radio" id="lockdown" name="domain_mode" value="lockdown" {{ if eq .DomainMode "lockdown"}}checked{{ end }}/> Lockdown to only this domain:<br/>
<input class="form-control non-fluid" type="text" id="lockdown_domains" name="lockdown_domains" value="{{ .LockdownDomains }}"/><br/>
<input type="radio" id="lockdown" name="domain_mode" value="lockdown" {{ if eq .DomainMode "lockdown"}}checked{{ end }}/> Lockdown to only these domains (one per line):<br/>
<textarea class="form-control non-fluid" rows="3" cols="24" id="lockdown_domains" name="lockdown_domains">{{ .LockdownDomains }}</textarea><br/>
{{ with .Errors.LockdownDomains }}
<span class="error">{{ . }}</span><br/>
{{ end }}
<input type="radio" id="whitelist" name="domain_mode" value="whitelist" {{ if eq .DomainMode "whitelist"}}checked{{ end }}/> Next to all official domains, also allow this domain (whitelist):<br/>
<input class="form-control non-fluid" type="text" id="whitelist_domains" name="whitelist_domains" value="{{ .WhitelistDomains }}"/><br/>
<input type="radio" id="whitelist" name="domain_mode" value="whitelist" {{ if eq .DomainMode "whitelist"}}checked{{ end }}/> Next to all official domains, also allow these domains (whitelist; one per line):<br/>
<textarea class="form-control non-fluid" rows="3" cols="24" id="whitelist_domains" name="whitelist_domains">{{ .WhitelistDomains }}</textarea><br/>
{{ with .Errors.WhitelistDomains }}
<span class="error">{{ . }}</span><br/>
{{ end }}